Skip to content

Add rate limiting guide for MCPServer#691

Merged
jerm-dro merged 4 commits intomainfrom
jerm-dro/rate-limiting-docs
Apr 10, 2026
Merged

Add rate limiting guide for MCPServer#691
jerm-dro merged 4 commits intomainfrom
jerm-dro/rate-limiting-docs

Conversation

@jerm-dro
Copy link
Copy Markdown
Contributor

@jerm-dro jerm-dro commented Apr 10, 2026
edited
Loading

Summary

Document the rate limiting capabilities added to MCPServer in toolhive v0.17.0 (stacklok/toolhive#4550, #4704, #4718).

  • Explain the token bucket algorithm and how shared vs per-user scopes work
  • Show YAML examples for shared limits, per-user limits, combined configs, and per-tool overrides
  • Add to the Kubernetes Operator sidebar after auth-k8s

Video to demonstrate rendering:

Screen.Recording.2026-04-10.at.9.01.11.AM.mov

Related

Generated with Claude Code

@jerm-dro @claude
Add rate limiting guide for MCPServer
7277156 
Document shared and per-user token bucket rate limits on MCPServer
resources, including per-tool overrides and combined configurations.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Copilot AI review requested due to automatic review settings April 10, 2026 16:03
@vercel
Copy link
Copy Markdown

vercel bot commented Apr 10, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
docs-website Ready Ready Preview, Comment Apr 10, 2026 9:19pm

Request Review

@jerm-dro jerm-dro requested a review from danbarr April 10, 2026 16:04
Copilot AI reviewed Apr 10, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds Kubernetes Operator documentation for configuring MCPServer rate limiting and links it into the Operator docs sidebar.

Changes:

  • Add a new Kubernetes guide page describing MCPServer rate limiting configuration and behavior.
  • Add the new guide to the Kubernetes Operator section of the Docusaurus sidebar.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 4 comments.

File Description
sidebars.ts Adds the new rate limiting guide to the Kubernetes Operator navigation.
docs/toolhive/guides-k8s/rate-limiting.mdx New guide explaining rate limiting concepts and providing YAML configuration examples.

@jerm-dro jerm-dro requested a review from Copilot April 10, 2026 16:58
Copilot AI reviewed Apr 10, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated no new comments.

@jerm-dro @claude
Add inbound links and polish rate limiting guide
d4c47ed 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@jerm-dro jerm-dro enabled auto-merge (squash) April 10, 2026 18:20
danbarr
danbarr requested changes Apr 10, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@danbarr danbarr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Summary

The guide is well-structured with a clear logical flow, useful code examples, and good cross-linking coverage. Most findings are secondary. One primary issue needs attention before merge: the "Next steps" section points backward to a prerequisite.

Primary Issues

1. "Next steps" links backward to a prerequisite

The first "Next steps" entry links to Authentication and authorization. Auth is a prerequisite for this guide, not a next step — pointing backward breaks the forward-momentum principle and is confusing to a reader who just completed the guide.

Ask: Replace the auth link with a forward-pointing link. The logical next step in the sidebar is redis-session-storage (which is also a dependency for rate limiting), or token-exchange-k8s.

2. Redis address examples aren't clearly placeholders

All three YAML examples that include sessionStorage use redis.default.svc.cluster.local:6379. This looks like a concrete, copy-pasteable value, but:

  • It places Redis in the default namespace, while the Redis Sentinel session storage guide deploys Redis in a dedicated redis namespace (redis.redis.svc.cluster.local:6379).
  • It uses a direct Redis address, while the session storage guide uses the Sentinel-based config — it's not clear whether rate limiting's sessionStorage field supports Sentinel or only direct connections.

Other values that the reader must supply use the <ALL_CAPS> convention (e.g., <YOUR_UPSTREAM_CLIENT_SECRET>). Using a concrete-looking DNS name here is inconsistent with that convention and will confuse readers who followed the Redis guide first.

Ask: Replace with a <YOUR_REDIS_ADDRESS> placeholder (consistent with the project's placeholder convention) and add a brief note pointing to Redis Sentinel session storage for deployment instructions. Alternatively, clarify whether rate limiting supports the Sentinel config or only a direct-address connection.

Secondary Issues

Issue Recommendation
Description opener ("How to configure...") Per the style guide, lead with the action directly. Replace with: "Configure per-user and shared rate limits on MCPServer resources to prevent noisy neighbors and protect downstream services." Same meaning, cleaner DocCard truncation.
Prerequisite conflates Redis purposes "Redis deployed for session storage (rate limiting uses Redis...)" conflates two separate uses of Redis. Rephrase: "Redis deployed in your cluster — rate limiting stores token bucket counters in Redis" to avoid implying it reuses the session storage connection.
Per-tool override YAML is a partial fragment The mcpserver-pertool-ratelimit.yaml example starts at spec:, unlike the three preceding examples which are complete manifests with apiVersion/kind/metadata. Either make it a complete manifest for consistency, or add a note like "Add to your existing MCPServer spec:".
Sidebar order: rate-limiting precedes its Redis dependency redis-session-storage is listed after rate-limiting in the sidebar, but Redis is required before rate limiting can be configured. A reader going in order hits the rate limiting guide before setting up Redis. Consider swapping the two entries.

@jerm-dro @claude
Address review feedback on rate limiting guide
489df8f 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@jerm-dro
Copy link
Copy Markdown
Contributor Author

jerm-dro commented Apr 10, 2026

Thanks for the thorough review, Dan! Addressed all your feedback in 489df8f:

Primary issues:

  • Replaced the backward-pointing auth link in "Next steps" with token exchange (next in sidebar)
  • Replaced all concrete Redis addresses with <YOUR_REDIS_ADDRESS> placeholder, added link to Redis deployment guide

Secondary issues:

  • Removed "How to" from description opener
  • Clarified Redis prerequisite wording (token bucket counters, not session storage)
  • Expanded per-tool YAML from partial fragment to complete manifest
  • Swapped sidebar order so redis-session-storage precedes rate-limiting
  • Removed rate limiting link from intro's primary resource list (inline comment)

@jerm-dro jerm-dro merged commit fd77210 into main Apr 10, 2026
3 checks passed
@jerm-dro jerm-dro deleted the jerm-dro/rate-limiting-docs branch April 10, 2026 21:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@danbarr danbarr danbarr approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jerm-dro @danbarr